问题
Is there any example/tutorial to build and configure TLS-secured restful service using quarkus.io?
Unfortunately I can not find one neither at quarkus documentation, no here.
回答1:
It is indeed supported by our Undertow extension but, unfortunately, not documented.
You can define things like the following:
quarkus.http.ssl.certificate.file=...
quarkus.http.ssl.certificate.key-file=...
...
in your application.properties.
The config entry point is ServerSslConfig (see https://github.com/quarkusio/quarkus/blob/master/core/runtime/src/main/java/io/quarkus/runtime/configuration/ssl/ServerSslConfig.java#L41). You then add the nested properties with dots and transform camel-case to dashes.
If you want to build a native executable, there's a good chance you will have to add quarkus.ssl.native=true too.
If you have feedback or if you want to contribute a guide for that, feel free to join us on Zulip or open issues/PRs on GitHub.
回答2:
Thanks mr. Guillaume Smet, I found the solution. Here is "from zero to hello in 5 minutes with Quarkus and SSL guide". This is done by quarkus undertow plugin. Also you will need text editor, jdk 1.8+ and maven installed.
Frist, create the project.
mkdir restls
cd restls
mvn io.quarkus:quarkus-maven-plugin:create -DprojectGroupId=org.acme -DprojectArtifactId=restls -DclassName="org.acme.HelloResource" -Dpath="/hello" -Dextensions="undertow"
Open your application config file src/main/resources/application.properties with any editor and add lines:
quarkus.http.port=80
quarkus.http.ssl-port=443
quarkus.http.ssl.certificate.key-store-file=keystore.jks
Create keystore containing self-signed certificate (answer all questions and specify password namelly "password"):
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 365 -keysize 2048
The file keystore.jks must be in the src/main/resources/ folder.
Build the project:
mvnw clean package quarkus:build
Now try it out:
java -jar target/restls-1.0-SNAPSHOT-runner.jar
Navigate to https://localhost/hello and allow your browser to trust certificate. That's all.
You can override options in invocation time like this:
java -Dquarkus.http.ssl.certificate.key-store-file=/path-to-keystore/keystore-name.jks -jar target/restls-1.0-SNAPSHOT-runner.jar
Finally, here is the concerning options list:
quarkus.http.ssl.certificate.file -- The file path to a server certificate or certificate chain in PEM format.
quarkus.http.ssl.certificate.key-file -- The file path to the corresponding certificate private key file in PEM format.
quarkus.http.ssl.certificate.key-store-file -- An optional key store which holds the certificate information instead of specifying separate files.
quarkus.http.ssl.certificate.key-store-file-type -- An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.
You can specifiy either certificate + key files in PEM format or keystore.
来源:https://stackoverflow.com/questions/55588382/quarkus-https-restful-service